| Cite this article: | JIN Zhigang, ZHOU Junyi, WU Xiaodong. An intrusion detection method based on feature reduction and self-attention mechanism[J]. Journal of Harbin Institute of Technology, 2025, 57(10):112. DOI:10.11918/202206023 |
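| Abstract: |
| To address the high time and space complexity of intrusion detection caused by the high dimensionality of traffic data features in modern network environments, and the low classification accuracy caused by the limited ability of traditional intrusion detection methods to perceive correlations among traffic data, an intrusion detection method based on feature reduction and an improved self-attention mechanism is proposed, with the efficiency and accuracy of intrusion detection as the goals. First, to address high data dimensionality, an auto-encoder with nonlinear feature extraction capability is used for feature extraction, reducing data redundancy while keeping classifier performance essentially unchanged, so that the intrusion detection method identifies attack behavior efficiently. Second, to address the fact that traditional intrusion detection methods ignore the correlation of traffic data, a self-attention mechanism is introduced into the classification process to learn the correlation of network data over a period of time, and causal convolution is introduced into the original self-attention mechanism to compute the correlation scores between data; the local position information of the current traffic data and the correlations among the traffic data within the attention field are combined to analyze the current traffic behavior and complete accurate classification. Experiments on the UNSW-NB15 dataset show that the proposed method achieves an accuracy of 98.32% on the binary classification task and likewise outperforms traditional intrusion detection methods on the multi-class task, giving it good application prospects in modern network environments. |
| Keywords: intrusion detection; deep learning; auto-encoder; self-attention mechanism; causal convolution |
| DOI:10.11918/202206023 |
| CLC number: TP393.08 |
| Document code: A |
| Funding: National Natural Science Foundation of China (52171337) |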
|
| An intrusion detection method based on feature reduction and self-attention mechanism |
|
JIN Zhigang¹, ZHOU Junyi¹,², WU Xiaodong¹

(1. School of Electrical and Information Engineering, Tianjin University, Tianjin 300072, China; 2. International Engineering Institute, Tianjin University, Tianjin 300072, China)

| Abstract: |
| To address the high time and space complexity of intrusion detection caused by the high dimensionality of traffic data features in modern network environments, and the low classification accuracy caused by the insensitivity of traditional intrusion detection methods to the correlation between traffic data, an intrusion detection method based on feature reduction and an improved self-attention mechanism is proposed to improve the efficiency and accuracy of intrusion detection. First, to address the problem of high-dimensional data, an auto-encoder with nonlinear feature extraction capability is used to extract features, which reduces data redundancy while keeping classifier performance basically unchanged, so that the intrusion detection method can effectively identify attacks. Second, to address the problem that traditional intrusion detection methods ignore the correlation of traffic data, a self-attention mechanism is introduced into the intrusion detection classification process to learn the correlation of network data over a period of time. Causal convolution is introduced into the original self-attention mechanism to calculate the correlation scores between data, integrating the local position information of the current traffic data with the correlation between the traffic data in the attended domain, so that current traffic behavior is analyzed comprehensively and classified accurately. Experimental results on the UNSW-NB15 dataset show that the proposed intrusion detection method attains 98.32% accuracy on the binary classification task and also outperforms traditional methods on the multi-classification task, indicating promising applicability in modern network environments. |
| Key words: intrusion detection; deep learning; auto-encoder; self-attention mechanism; causal convolution |
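
The following sketch illustrates the kind of causal-convolution self-attention the abstract describes; it is an added example, not the authors' code. The layer shapes, kernel size, random weights, causal mask and the constructed input window (standing in for auto-encoder codes of consecutive flows) are all assumptions, since the abstract does not give the architecture.

```python
import numpy as np

def causal_conv1d(x, w):
    """Causal 1-D convolution over time.
    x: (T, d_in) sequence; w: (k, d_in, d_out) kernel.
    Output at step t depends only on x[t-k+1 .. t] (left padding only)."""
    k, T = w.shape[0], x.shape[0]
    xp = np.vstack([np.zeros((k - 1, x.shape[1])), x])
    return np.stack([np.einsum("kd,kde->e", xp[t:t + k], w) for t in range(T)])

def causal_conv_attention(x, wq, wk, wv):
    """Self-attention whose queries and keys come from causal convolutions,
    so each correlation score reflects the local context of a flow and not
    only the single record. Returns (outputs, attention weights)."""
    q = causal_conv1d(x, wq)                     # (T, d) local-context queries
    k = causal_conv1d(x, wk)                     # (T, d) local-context keys
    v = x @ wv                                   # (T, d) point-wise values
    scores = q @ k.T / np.sqrt(q.shape[1])       # pairwise correlation scores
    # Assumption: a flow may attend only to itself and earlier flows.
    future = np.triu(np.ones_like(scores, dtype=bool), 1)
    scores = np.where(future, -np.inf, scores)
    scores = scores - scores.max(axis=1, keepdims=True)  # stable softmax
    weights = np.exp(scores)
    weights = weights / weights.sum(axis=1, keepdims=True)
    return weights @ v, weights

def demo(seed=0, T=8, d=4, k=3):
    """Constructed input: T random d-dimensional vectors standing in for
    reduced flow features, plus random (untrained) weights."""
    rng = np.random.default_rng(seed)
    x = rng.normal(size=(T, d))
    wq, wk = rng.normal(size=(2, k, d, d))
    wv = rng.normal(size=(d, d))
    return x, wq, wk, wv

if __name__ == "__main__":
    x, wq, wk, wv = demo()
    out, weights = causal_conv_attention(x, wq, wk, wv)
    print(np.round(weights, 2))  # lower-triangular rows that each sum to 1
```

In a trained detector the output for the last position of the window would feed a classification layer; here the weights are random, so only the information flow is meaningful.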